Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] PGE considers cybersecurity to be a top enterprise risk in PGE’s enterprise risk management program, and manages the risk by adhering to established security policies and governance, identifying risk through risk assessments, utilizing technology to provide a layered security approach, controlling access, providing robust security awareness training, and conducting resiliency exercises. As a utility with critical infrastructure, both cyber and physical security will continue to be an important consideration for the Company’s future strategy and operations. The Company maintains a cybersecurity program, overseen by a cross-functional executive committee, that uses a risk-based methodology to support the security of its systems.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
PGE has a threat intelligence and insider risk program to stay abreast of emerging cybersecurity threats. The Company’s threat identification process begins with the development of an inventory of critical enterprise processes and critical assets, which allows the Company to prioritize focus in the event of a threat. PGE’s Security Operations Center detects unauthorized entities and actions on the networks and in the physical environment, including personnel activity. Processes are tested regularly through reviews, audits, and assessments. In addition, cybersecurity resiliency is enhanced through regular functional and tabletop exercises.

PGE manages third-party cybersecurity risk by conducting due diligence to identify risks from third parties and requiring review and approval before onboarding a third party. Any third party that fails to meet the Company’s security requirements is subjected to additional risk screenings. PGE may decide not to move forward with a vendor that does not meet security requirements. The Company also has procured cybersecurity insurance.
All employees are required to take annual cybersecurity awareness training. The Company conducts monthly phishing campaigns in which employees are expected to report suspicious emails. If employees click on the training phishing email, they are provided immediate feedback on how to avoid phishing, in addition to being required to complete additional training. Quarterly security awareness is provided to all employees and focuses on cyber and physical security best practices.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
The Audit and Risk Committee of the Board of Directors has oversight of cybersecurity risk and receives briefings on a quarterly basis. The briefings are provided either by the cybersecurity team, together with a senior member of management, or are presented as part of the Audit and Risk Committee’s regular review of top enterprise risks, in which cybersecurity risk is reviewed annually or more frequently if circumstances warrant. The Audit and Risk Committee briefs the full Board of Directors at each meeting. In addition, the full Board of Directors has participated in cybersecurity exercises. The Audit and Risk Committee is also provided with information about external assessment results and action plans. There is a process in place to notify the Audit and Risk Committee promptly in the event of a material cybersecurity incident.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit and Risk Committee of the Board of Directors has oversight of cybersecurity risk
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Audit and Risk Committee of the Board of Directors has oversight of cybersecurity risk and receives briefings on a quarterly basis. The briefings are provided either by the cybersecurity team, together with a senior member of management, or are presented as part of the Audit and Risk Committee’s regular review of top enterprise risks, in which cybersecurity risk is reviewed annually or more frequently if circumstances warrant. The Audit and Risk Committee briefs the full Board of Directors at each meeting. In addition, the full Board of Directors has participated in cybersecurity exercises. The Audit and Risk Committee is also provided with information about external assessment results and action plans. There is a process in place to notify the Audit and Risk Committee promptly in the event of a material cybersecurity incident.
Cybersecurity Risk Role of Management [Text Block] reviews risks, processes, and strategies related to cybersecurity
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Members of the ISEC include the Chief Information Officer, the Chief Operating Officer, the Chief Executive Officer, and the Chief Legal and Compliance Officer.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] This employee has had a twenty-five year career with the Federal Bureau of Investigation (FBI) prior to joining the Company. She served as the Confidential Advisor to the Director of the FBI, providing strategic advice across all threats allowing her to develop unique and key insights into the global cyber threat landscape, FBI cyber strategy, and cyber operations. Prior to joining the Company, she served as the Special Agent in Charge of the FBI Jacksonville Division where she led all FBI cyber investigations and operations for nation state and criminal actors.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] on a quarterly basis. The briefings are provided either by the cybersecurity team, together with a senior member of management, or are presented as part of the Audit and Risk Committee’s regular review of top enterprise risks, in which cybersecurity risk is reviewed annually or more frequently if circumstances warrant. The Audit and Risk Committee briefs the full Board of Directors at each meeting. In addition, the full Board of Directors has participated in cybersecurity exercises. The Audit and Risk Committee is also provided with information about external assessment results and action plans. There is a process in place to notify the Audit and Risk Committee promptly in the event of a material cybersecurity incident.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true